Server-side security war games: Part 16

This is the last level. We’re challenged with an improved version of level 9: they’ve added additional “sanitization” to keep us out.

    // Blacklist: reject a key containing ; | & ` ' or "
    if(preg_match('/[;|&`\'"]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        // $key is still interpolated into a double-quoted shell argument
        passthru("grep -i \"$key\" dictionary.txt");
    }
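The check above is a character blacklist in front of a shell string. As an added example (not code from the original page, and written in Python rather than the level's PHP), the block below mirrors the regex, builds the exact string `passthru()` receives, and sets it beside two hardened forms: quoting the whole argument (`shlex.quote`, the counterpart of PHP's `escapeshellarg()`) and, better, passing an argv list with no shell at all. The dictionary file and the probe string are constructed for the demo. Note what the character class leaves out: `$`, `(`, `)` and backslash, all of which a double-quoted shell string still interprets.

```python
import re
import shlex
import subprocess
import tempfile
from typing import List

# Mirrors the level's blacklist; a match means the request is refused.
BLACKLIST = re.compile(r'[;|&`\'"]')


def is_blocked(key: str) -> bool:
    """True when the level's preg_match() would reject the key.
    Absent from the class: $ ( ) and backslash."""
    return BLACKLIST.search(key) is not None


def shell_command_vulnerable(key: str) -> str:
    """The exact string the level hands to passthru(). Inside a
    double-quoted shell argument the shell still performs parameter and
    command expansion, so blacklisting quote characters is not enough."""
    return f'grep -i "{key}" dictionary.txt'


def shell_command_quoted(key: str) -> str:
    """If a shell string must be built, quote the argument as a whole
    (PHP's escapeshellarg() plays the same role as shlex.quote())."""
    return f"grep -i {shlex.quote(key)} dictionary.txt"


def grep_argv(key: str, path: str = "dictionary.txt") -> List[str]:
    """Better: no shell at all. The key travels as one argv element, and
    '--' keeps grep from reading a key such as '-r' as an option
    (argument injection, which quoting alone never addresses)."""
    return ["grep", "-i", "--", key, path]


def run_grep(key: str, path: str = "dictionary.txt") -> List[str]:
    """Run grep through argv (shell=False is the default) and return the
    matching lines. grep exits 1 on no match, which is not a failure."""
    proc = subprocess.run(grep_argv(key, path), capture_output=True, text=True)
    if proc.returncode not in (0, 1):
        raise RuntimeError(proc.stderr.strip())
    return proc.stdout.splitlines()


if __name__ == "__main__":
    # Constructed dictionary, written to a temp file so the demo runs offline.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("apple\nApplesauce\nbanana\n")
        path = f.name
    probe = "$(id)"  # contains no blacklisted character
    print("blocked:   ", is_blocked(probe))
    print("vulnerable:", shell_command_vulnerable(probe))
    print("quoted:    ", shell_command_quoted(probe))
    print("argv:      ", grep_argv(probe, path))
    print("matches for 'apple':", run_grep("apple", path))
```

The argv form is the one to ship: it removes the shell from the path entirely, and `--` closes the separate problem of a key that begins with a dash being parsed as a grep option.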

Server-side security war games: Part 14

In level 14, we see a more traditional username & password form. Let’s check the source code to see if there are holes we can slip through.

Server-side security war games: Part 13

This is level 13. Looks like they claim to only accept image files, in order to close the flaw we used previously. I bet we can get around that restriction just like we did when they disallowed certain characters in the search term. Let’s examine the code.

Here’s the new part of the code:

    // exif_imagetype() only inspects the file's leading bytes (magic number)
    if (! exif_imagetype($_FILES['uploadedfile']['tmp_name'])) {
        echo "File is not an image";
    }
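`exif_imagetype()` decides from the file's signature bytes alone; nothing after the header is looked at. As an added example (not the page's code, written in Python rather than PHP), the block below reimplements that sniff for GIF, PNG and JPEG and pairs it with a stricter acceptance check that also requires an allow-listed extension agreeing with the sniffed type and stores the file under a server-chosen name. The signatures are the standard ones; the sample bytes in the test are constructed.

```python
import os
import secrets
from typing import Optional, Tuple

# Signatures an exif_imagetype()-style check looks for. Only these leading
# bytes are inspected; the rest of the file is never examined.
SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Extensions the hardened handler is willing to store.
ALLOWED_EXTENSIONS = {"gif", "png", "jpg", "jpeg"}


def image_type(data: bytes) -> Optional[str]:
    """Return the type implied by the magic bytes, or None.
    This is all the level's check amounts to."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str, Optional[str]]:
    """Hardened acceptance: magic bytes AND an allow-listed extension that
    agrees with the sniffed type. Returns (accepted, reason, stored_name);
    the stored name is chosen by the server, so the client never controls
    the name or extension on disk."""
    kind = image_type(data)
    if kind is None:
        return False, "not an image", None
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext or '<none>'} not allowed", None
    normalized = "jpeg" if ext == "jpg" else ext
    if normalized != kind:
        return False, f"extension .{ext} does not match {kind} content", None
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample: a GIF header followed by bytes that are not image data.
    sample = b"GIF89a" + b"anything after the header is not inspected"
    print("sniffed as:", image_type(sample))
    for name in ("photo.gif", "photo.php", "photo.png"):
        print(name, "->", validate_upload(name, sample)[:2])
```

Sniffing the header is a useful first filter but not an authorization decision: the name the file is served under, and whether the web server will ever execute anything in the upload directory, matter more than the first six bytes.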

Server-side security war games: Part 12

In level 12, we’re given a file upload form. Let’s take a look at the code that processes input.

Server-side security war games: Part 11

This is level 11. Your clue is that “XOR encryption” is not encryption. Let’s look at the cookies to find out what they have XOR-ed, so we can mess with it.
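Why repeating-key XOR is not encryption: whoever knows (or can guess) the plaintext of one cookie gets the key back by XOR-ing the two, and can then mint a cookie with any content. The block below is an added example, not the page's code: the cookie layout (base64 of XOR-ed compact JSON), the key `s3cr3t` and the settings are all constructed for the demo. The key-recovery routine is general: it XORs known plaintext against ciphertext and collapses the resulting key stream to its shortest repeating unit.

```python
import base64
import json

# Constructed server-side key; the attack below recovers it from one cookie.
SECRET_KEY = b"s3cr3t"


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encrypting and decrypting are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_cookie(settings: dict, key: bytes = SECRET_KEY) -> str:
    """What the (constructed) server does: compact JSON, XOR, base64."""
    plain = json.dumps(settings, separators=(",", ":")).encode()
    return base64.b64encode(xor(plain, key)).decode()


def recover_key(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext attack. XOR-ing plaintext with ciphertext yields the
    key stream; the shortest period of that stream is the key. The known
    plaintext must be at least as long as the key, and the longer it is,
    the more confidence there is that the period found is the real one."""
    n = min(len(plaintext), len(ciphertext))
    stream = xor(plaintext[:n], ciphertext[:n])
    for period in range(1, n + 1):
        if all(stream[i] == stream[i % period] for i in range(n)):
            return stream[:period]
    return stream  # period == n always matches, so this is not reached


def forge_cookie(cookie: str, known_plaintext: bytes, new_plaintext: bytes) -> str:
    """Rebuild the cookie around attacker-chosen content, using the key
    recovered from the original cookie and its known plaintext."""
    key = recover_key(known_plaintext, base64.b64decode(cookie))
    return base64.b64encode(xor(new_plaintext, key)).decode()


if __name__ == "__main__":
    settings = {"role": "user", "theme": "dark"}  # constructed cookie content
    cookie = make_cookie(settings)
    known = json.dumps(settings, separators=(",", ":")).encode()
    print("cookie:       ", cookie)
    print("recovered key:", recover_key(known, base64.b64decode(cookie)))
    forged = forge_cookie(cookie, known, b'{"role":"admin","theme":"dark"}')
    print("forged cookie:", forged)
    print("server sees:  ", xor(base64.b64decode(forged), SECRET_KEY))
```

The only thing the attacker needs besides the cookie is the plaintext it was made from, and a settings cookie usually gives that away through the form that sets it.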

Server-side security war games: Part 8

Level 8 shows us another “Input secret” form. Let’s examine the source again. This time, there is an “encoded” secret. Let’s try to reverse engineer this. They’re using bin2hex, strrev, and base64_encode; those are all trivially reversible.
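Each of those three steps is a bijection with an obvious inverse, so the secret comes back by applying the inverses in the opposite order: base64 decode, reverse, hex decode. The block below is an added example, not the page's code, written in Python rather than the level's PHP; `encode_secret` mirrors the described pipeline and `decode_secret` undoes it. The secret string is constructed.

```python
import base64


def encode_secret(secret: str) -> str:
    """The described encoding: base64_encode(strrev(bin2hex($secret)))."""
    hexed = secret.encode().hex()                   # bin2hex
    reversed_hex = hexed[::-1]                      # strrev
    return base64.b64encode(reversed_hex.encode()).decode()  # base64_encode


def decode_secret(encoded: str) -> str:
    """Invert each step, last step first: base64_decode, strrev, hex2bin."""
    reversed_hex = base64.b64decode(encoded).decode()
    hexed = reversed_hex[::-1]
    return bytes.fromhex(hexed).decode()


if __name__ == "__main__":
    sample = "example"  # constructed
    encoded = encode_secret(sample)
    print("encoded:", encoded)
    print("decoded:", decode_secret(encoded))
```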

Server-side security war games: Part 6

On level 6, there is a curious “Input secret” form. I wonder what it does? Well, there is also a “View sourcecode” link, which will presumably show us the source code for that form. Then, we can try to analyze whether it has any weaknesses we can take advantage of.

OMG, is that WordPress?!

I’m a Perl guy. I like the language a lot – how it looks, how it works… Even if it isn’t perfect, I like it a lot. But I also love things that work, and WordPress works.